A chronicle of my journey and life lessons in the career of information security.

Friday, December 3, 2010

Wikileaks getting shafted

I remember seeing Julian Assange speaking at one of the Ruxmon meetings earlier this year and not long after, I got into a discussion with another infosec consultant who was in attendance. We were discussing whether we thought Wikileaks should have posted the Collateral Murder video. His view was that, while disclosures are necessary, he wondered if this was really a case of "fog of war" and whether the video was more an indication of an unfortunate, grisly accident rather than a grotesque abuse of power (force of arms).

(Now, to be fair, Assange went to great lengths to explain the rules of engagement as officially passed down to military personnel to highlight the fact they had clearly violated said rules to carry out the attack.)

I was polarised at the time. I used to be a far left hippy in my youth but I think over time I'd become more bipartisan in my thinking. I could see both sides and I have a tendency to play devil's advocate. I think I said something about "yeah but we need groups like Wikileaks, to keep governments accountable." Say what you will of the Collateral Murder video but you have to admit, if the purpose of government is to serve its people then the idea that it should also be answerable to the people isn't a stretch (unless you support dictatorships or other forms of non-democratic government, in which case I think we're on different views and you should stop reading).

The point I'm making was I really didn't feel strongly enough one way or another, but notionally, I supported the organisation.

Then someone else this week suggested creating a new root DNS server, in opposition to ICANN's management. My initial thought was "Ok great, someone wants to set up a new root but how do you secure it and prevent flagrant abuse?" This is a governance problem, not a technical problem - hence my tweet on the subject.

Not long thereafter, Wikileaks got DDOSed. Then the site was dropped from Amazon. Then their DNS provider dropped them.

At first I was shocked. Then I was scared (yes, scared that this could happen as naive as that may sound).

And then I got angry.

One of the roles I used to work in was Network Abuse, where we used to deal with investigations ranging from professional spamhaus gangs, to child pornographers, to kiddies dealing trojans to steal Diablo II accounts, you name it. We used to deal with other ISPs to collaboratively take down sites or offenders of clearly malicious intent. It was like a code amongst ISPs - even if there is no direct law for some of the things we did, we did it because it made sense to work together as a global community (of course emailing non-English speaking countries was always a challenge but I digress).

You could argue we took the law in our hands, but we acted when the evidence was overwhelming that these people were malicious. E.g. evidence of spam traceable to certain IP blocks. Abused credit card numbers. URLs of sites allegedly hosting kiddie porn, etc.

Today I just saw a bunch of companies give strawman excuses to drop Wikileaks like a hot potato, for reasons I can only attribute to political pressure or unsavory conditions. I get DDOS as a weapon of hacktivism - I understand the motive. But these companies wiggled out of the arrangement for very dubious reasons. The US Government which claims to protect individual freedoms and rights is using every means at its disposal to capture Assange and arrest him. Swedish authorities have acted against their own law, with largely uncredible testimony.

The bottom line is this - even if you didn't support Wikileaks before, the actions of all these various groups are actively working against them, as it will polarise various groups that would otherwise have remained enemies. I'm only one random dude with an Internet connection and a pedestal, but I can find myself in agreement with so many people I wouldn't have yesterday, how would some other folks out there feel, particularly those with more spare time, motivation and technical savvy? I can only imagine.

In Australia we've never had to fight for our independence or freedoms. We have no Bill of Rights. Subsequently most Australians really are largely apathetic to the notion of free speech. However, if you've lived abroad or travelled to communist or non-democratic countries, you begin to realise just how valuable it is. We may have no such war but I cherish it.

Today made me think that I am far, far more left wing than I ever thought I was and it sent a shock through me. I wound up making a donation to Wikileaks. Nothing large but enough to at least send a token of support.

I support Wikileaks because there may come a time when I need a voice for something I cannot say myself. I support Wikileaks for my family, friends and other people on this planet who may find themselves one day in a god awful place where they need a voice and Wikileaks is the only one who can provide it. There are some real scumbags on this planet who should be punished but they hold the balance of power. Wikileaks has real power to make those people answerable to a higher power. Without groups like them, the bad guys can and will win.

Even if you haven't always agreed with their actions to date, ask yourself:

Do you believe that businesses and governments alike should be answerable to the people?

Do you believe that no-one is above justice?

If you answer yes to either of the above, I also encourage you to make a donation to Wikileaks and support the cause.

While I am an employee of Dimension Data the views expressed here are my own and not those of my employer (blah blah blah usual caveats apply).